Building the Perfect Router/Firewall for $45

I recently replaced my Linksys WRT54GL routers (running DD-WRT of course) with an ALIX 2c3 running pfSense. Not only is it faster, better-built, and has more features, it looks cool. Unfortunately, the cost for a refurbished 2c3, enclosure, and power supply was around $150.

For those of you wanting to build your own tiny pfSense system, I’ve found an alternative. It’s not as small, or as completely quiet, but can provide just about equivalent functionality.

First, buy a used MaxTerm MaxSpeed 8300 thin client off eBay. That seller has them for $45 shipped, buy-it-now. These were sold as XP Embedded thin clients, but are actually complete PC systems with 512M memory, a VIA C3 “Ezra” 800 MHz CPU, and a 512M CompactFlash card and reader standing in for the main hard drive.

Take off the stand and top cover, and they look like this:

System Front

System Back

System Side

In these pictures, I’ve already installed an Intel Pro/100 Server-S PCI 10/100 network card in the PCI slot. The CompactFlash card reader is below the PCI slot; you’ll have to remove the small cover concealing it.

As received, these systems (I bought two) have Windows XP Embedded installed on them.

Booting Windows XP Embedded

XP Embedded

You’ll want to take the 512M CF card installed in the system, and use your USB card reader and another system (you DO have another system and a CF card reader, right?) to write the pfSense image to the card.
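Since this card becomes the firewall's boot disk, it is worth checking the download against its published SHA-256 before writing and reading the card back afterwards. The following is an added example, not part of the original post; it assumes a Linux workstation with GNU coreutils and a gzip-compressed image, and the image file name, checksum and `/dev/sdX` device are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): check a downloaded firewall
# image against its published SHA-256, write it to the CF card, read it back.
# Placeholders/assumptions: image file name, checksum, and /dev/sdX device.

# verify_image IMAGE_GZ EXPECTED_SHA256 -> 0 only if the download matches
verify_image() {
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ "$actual" = "$2" ]
}

# write_and_verify IMAGE_GZ TARGET -> 0 only if TARGET now starts with the
# exact decompressed image (catches short writes and failing cards)
write_and_verify() {
    img_gz=$1
    target=$2
    size=$(gunzip -c "$img_gz" | wc -c | tr -d ' ') || return 1
    want=$(gunzip -c "$img_gz" | sha256sum | awk '{print $1}')
    # conv=notrunc only matters when TARGET is a regular file (as in a test)
    gunzip -c "$img_gz" | dd of="$target" bs=64k conv=notrunc 2>/dev/null || return 1
    sync
    got=$(head -c "$size" "$target" | sha256sum | awk '{print $1}')
    [ "$want" = "$got" ]
}

# flash_image IMAGE_GZ EXPECTED_SHA256 TARGET
# returns 1 (nothing written) on checksum mismatch, 2 on read-back mismatch
flash_image() {
    verify_image "$1" "$2" || { echo "checksum mismatch, not writing" >&2; return 1; }
    write_and_verify "$1" "$3" || { echo "read-back differs from image" >&2; return 2; }
    echo "image written and verified on $3"
}

# Usage (run as root; double-check the device name first, e.g. with lsblk):
#   flash_image pfSense-embedded.img.gz <sha256-from-download-page> /dev/sdX
```

On removable media an immediate read-back can be answered from the kernel's page cache; re-inserting the card and repeating the `head | sha256sum` comparison confirms what the flash actually holds.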

CF Card Slot

If you boot the system without a CF card installed, the screen will look similar to this:

BIOS Boot Screen

Once the pfSense install image is written to the card, put it back in the system and boot.

pfSense Booting

At this point all console I/O switches to the serial port. You’ll need to connect another system (or a dumb terminal, etc.) to the serial port on the back of the system and continue initial configuration there. The cable should be a null-modem cable, and the port settings 9600 baud, N81 (no parity, 8 data bits, 1 stop bit).

Once initial configuration (network port and IP assignments) is done via the serial port, you can continue final configuration and setup via the web interface, and do all further management through SSH or the web.

I’ve been running a pfSense box for about two weeks now, and am really happy with it. With these thin clients, I can now build a firewall for a friend, and have a spare in case of problems with my ALIX board.

12 thoughts on “Building the Perfect Router/Firewall for $45”

  1. Cool, nice write up. That’s a heck of a deal, that is likely a slightly faster system than the ~$200 ALIX. It does have a fan, though I wonder if it’s truly necessary. The box might die faster without it, but it’s so small I wonder what its impact is.

  2. The only thing keeping me from snapping up a couple of these is the RTL8139 ethernet. An ethernet chipset that gets an instant downcheck in my book. I normally refuse to buy any system that uses one.

    I suppose I could put a dual-port intel card in there, and simply ignore the RTL8139, but that limits my options for things like 802.11 cards.

  3. Howdy,
    I have made similar firewalls out of a Neoware CA-2. It is also an 800 MHz Via processor with one memory slot and one PCI slot. I see them for $10 to $20 on ebay. They use a power supply with a special connector, so look for one with a power supply if you want it to be easy.

    A plus for the Neoware is that it is completely quiet. A negative is that it takes a while to boot. Another negative is that there is no place designed for a CF card, so I use a laptop to CF adapter and wrap it in non-conductive material and lay it in the case. I think it is slow to boot because it is trying to netboot for a while before it tries the CF card I have installed.

    I am tempted to try a MaxTerm 8300, but I wonder how noisy it is. You say it is not completely quiet, but can you elaborate on that? Does pfSense boot right up? The slow boot on the Neoware is annoying, although I don’t do it very often.

    Finally, why do you require javascript in order to post? Is that just to give the poster a queasy feeling and hence discourage it? It sure makes me uncomfortable.
    Good day,
    Ralph

  4. Ralph, the only noise from the MaxTerm is from the single fan you can see in the pictures. pfSense boots right up – the BIOS and everything on the MaxTerm is a standard PC BIOS.

    The javascript requirement is part of a WordPress plugin I use to prevent comment spam by comment spambots. A real person will have it enabled, while a bot will not. That’s the only reason it’s required.

  5. Howdy,
    Thanks for the response. I may try one, but I found another option yesterday I’ll try first. I got 6 Wyse WT3455XL thin clients. They use a standard Via EPIA motherboard and 6 of them were $40 shipped. I want to set up pfSense firewalls for a couple of friends and this seemed too cheap to pass up.

    Spam is a problem, and I understand why you have to take precautions. But, I am a person. I don’t browse the web with javascript on. The idea of letting random people run code on my machine is just too insecure to consider seriously. Usually, if a site requires it I just leave. You have useful enough information that I decided to take a risk. It still makes me nervous, though, as I post this second response.
    Good day,
    Ralph

  6. Howdy,
    The seller I bought from has two more auctions of 6 units each. I have no relation to the seller, except as a customer, and I have not received my units yet. I’ll just be mailing a money order today. One of these auctions is at:
    http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=130322635013
    I hope it is ok to post this. I am only doing it because someone said they had trouble finding units.
    Good day

  7. I saw one of these things on Ebay, and googled up your page here when I was researching it. I went ahead and bought one with the intent of converting it to a low-power web server that I can leave running here 24/7 without significantly impacting my home utility bill. What type of power consumption do you see listed on the external power supply unit?

    Also, it looks like this unit only has USB 1.1 ports, so I’m thinking about adding a 1394a / USB 2.0 PCI card for its external drive.

    The internal flash should work perfectly for a small Puppy Linux utility system as well as store a kernel to bootstrap the external drive. I’m looking forward to tinkering around with this little guy. Thanks for taking the time to document your project here, I found your information to be very helpful.

  8. FYI, the WT3455XLs can be amped up a bit – there is a set of jumpers next to the DIMM slots, by default, it runs 100MHz FSB with the jumpers off/ON/off/ON. Changing them to ON/ON/off/off jumps to 133 (which will require 133 DIMMs). This will bump the CPU from 550 to 733MHz.

    I got the info from the MB manual at:
    http://store.igojava.com/download/og/epia%20operating%20guide%20111804.pdf
    as I found it impossible to find the right MB manual/pics at the VIA site.

  9. Hi,
    I have two Maxterm 8300 thinclients (VIA Ezra 800 and VIA C3 – 1 Giga Pro) and I came across your website since I have been trying to set up pfSense on either one of my TCs with no luck. I’m trying to determine what the maximum CF size and RAM they would support. Right now they have 512 Mb CF cards (with XPe) and 512 Mb of RAM.

    I’m going by the book (pfSense: The Definitive Guide by Christopher M. Buechler) but using physdiskwrite to write the images on my WinXP SP3 box always gives me an error on number of bytes written (pfsense v1.2.3, thru 2.0.1) on any of 3 CF cards (512 Mb, 2Gb, and 4Gb) (Brands: PQI, Hitachi, and Sandisk Ultra I and II). If I plug the CF cards in (even with whatever physdiskwrite has written) the TCs will hang with “BTX loader 1.00 BTX version is 1.02”

    I have even used a Linux box (Ubuntu 11.04) to dd the image to the CF cards but they will hang on boot as above.

    I finally set the BIOS to boot off the USB-CDROM and could go thru the install only with any of the 512Mb CF cards NOT the larger (2Gb and 4Gb) ones (they give me an error hda: DMA Timeout Error: Status=0x58……. retry LBA …….).
    The BIOS recognizes all the CF cards correctly (on “Auto” and on “CHS”)

    On the Maxterm 8300 with the C3 – 1 Giga Pro CPU (same VT133 chipset, Northbridge, etc as the EZRA 800 133 CPU on the other Maxterm 8300) I cannot set the BIOS to boot from a USB-CDROM (BIOS options are different – only allowing me the choice of LAN, HDD0, CDROM, Floppy, etc and SCSI-FLASH) so I have to use the 512Mb CF from the EZRA Maxterm 8300 instead. The strange thing is that although the C3 – 1 Giga Pro Maxterm boots with this 512 Mb CF, it will panic after “ELF 32 – Load Image: Read failed. Unable to load kernel!”

    I would appreciate it if you or anyone else reading this could let me know or provide me with a link about the Maxspeed specs and the Neoware FAQ (researching these would help me at least put to rest the max Flash and RAM allowable on these TCs) – Or any advice on upgrading (re-flash) the BIOS or BIOS settings or anything.

  10. A bit more expensive option but I’ve been running with HP T5740’s with the expansion module (typically you can get both for around $60-70). The expansion module gives you one x4 PCIe slot which I normally install an Intel dual/quad gigabit NIC. They can handle up to 4GB of ram and up to 4GB of flash storage. These run with the Atom N280 which has great pfSense performance. All the ones I have make a bit of noise on bootup but are afterwards very quiet.

  11. Good luck trying to get anything over 10Mbps on openvpn with this “thing”
